package com.nulldev.util.networking.misc.tls;

import java.util.Arrays;

import com.nulldev.util.VariableAPI.ArrayUtils;

public class TLSStandardFiltering {

	public static String[] filterProtocols(final String[] protocols) {
		final Object[] set = Arrays.asList(protocols).stream()
				/* Disable SSL by default. No-one is using it and no-one should use it. */
				.filter(str -> !str.contains("SSL")).toArray();
		return ArrayUtils.<String>convertTo(set, String[].class);
	}

	public static String[] filterCiphers(final String[] ciphers) {
		final Object[] set = Arrays.asList(ciphers).stream()
				/* Disable NULL ciphers. */
				.filter(str -> !str.contains("WITH_NULL"))
				/* Disable MD5 */
				.filter(str -> !str.contains("MD5"))
				/* Disable anonymous suites */
				.filter(str -> !str.contains("DH_anon")).filter(str -> !str.contains("ECDH_anon"))
				/* Disable RC4 */
				.filter(str -> !str.contains("RC4"))
				/* Disable EXPORT ciphers */
				.filter(str -> !str.contains("EXPORT_WITH"))
				/* Disable non-triple DES */
				.filter(str -> {
					if (str.contains("DES")) {
						return str.contains("3DES");
					} else {
						return true;
					}
				})
				/* Disallow ANY SSL ciphers. */
				.filter(str -> !str.startsWith("SSL_"))
				/* Disallow insecure cipher re-negotiation */
				.filter(str -> !str.contains("TLS_FALLBACK_SCSV")).toArray();
		return ArrayUtils.<String>convertTo(set, String[].class);
	}
}
